To subscribe to the full daily report, send an email to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body: subscribe.
To obtain a complete copy of the current report, proceed to the DHS link below.
To obtain reports more than 10 business days old, send an email to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

· Authorities reported that an August 12 chemical leak in a barrel at Pacific Steel and Recycling plant in Spokane, Washington, hospitalized at least 10 workers and prompted an evacuation of a 4-block perimeter surrounding the site. – KREM 2 Spokane

3. August 13, KREM 2 Spokane – (Washington) 8 critically hurt in chlorine leak at recycling plant. Authorities reported that an August 12 chemical leak in a barrel at Pacific Steel and Recycling plant in Spokane hospitalized at least 10 workers and prompted an evacuation of a 4-block perimeter surrounding the site. Crews worked to decontaminate employees exposed to the chemical and officials temporarily halted Burlington Northern train traffic through the area.

· A spokesperson with the U.S. Department of Veterans Affairs (VA) stated August 11 that the agency was taking action to enroll and reach out to 35,093 combat veterans that were denied health care enrollment for more than 5 years due to an error with the department’s computer system. – Washington Free Beacon

24. August 11, Washington Free Beacon – (National) 35,000 combat veterans denied health care because of VA computer error. A spokesperson with the U.S. Department of Veterans Affairs (VA) stated August 11 that the agency was taking action to enroll and reach out to 35,093 combat veterans that were denied health care enrollment for more than 5 years due to an error with the department’s computer system. The VA also stated that it is working to correct the computer error.

· Guards used pepper spray and fired warning shots to control a riot involving 70 inmates at the California State Prison, Sacramento after an inmate was attacked in the exercise yard and killed August 12. – KXTV 10 Sacramento; Associated Press (See item 30)

5. August 13, U.S. Securities and Exchange Commission – (National) Edward Jones to pay $20 million for overcharging retail customers in municipal bond underwritings. The U.S. Securities and Exchange Commission announced August 13 that the St. Louis-based brokerage firm Edward Jones and the former leader of its municipal bonds underwriting desk would pay over $20 million to resolve allegations that they overcharged customers in new municipal bonds sales instead of offering them at the typical initial offering price. Source: http://www.sec.gov/news/pressrelease/2015-166.html

6. August 12, Reuters – (National) U.S. charges data brokers in $7 million payday loan scam. The U.S. Federal Trade Commission announced charges August 12 against Sequoia One LLC, Gen X Marketing Group LLC, and 4 suspects in a data broker operation for allegedly selling the financial information of 500,000 payday loan applicants to scammers, who raided bank accounts for at least $7.1 million. Source: http://www.reuters.com/article/2015/08/12/usa-ftc-fraud-idUSL1N10N1F320150812

7. August 13, Philadelphia Business Journal – (National) Trio of regulators order big bank to pay $34M for deposit discrepancies. The U.S. Consumer Financial Protection Bureau, U.S. Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency ordered Citizens Bank to pay $20 million in fines and $14 million in restitution for failing to honor full credit for customer deposits until the fourth quarter of 2013. Source: http://www.bizjournals.com/philadelphia/news/2015/08/12/citizens-bank-fine-deposits-owed-20m-fdic.html

Information Technology Sector

32. August 13, Securityweek – (International) SAP Security updates patch 22 vulnerabilities. SAP released patches for 22 vulnerabilities and updated four previously released patches, including a remote code execution flaw in SAP ST-P that an attacker could leverage to compromise SAP servers and access information stored on them, and a Reflected File Download (RFD) in SAP’s NetWeaver AFP Servlet that could be exploited to push malware onto victims’ devices using a specially crafted link, among other flaws. Source: http://www.securityweek.com/sap-security-updates-patch-22-vulnerabilities

33. August 13, Help Net Security – (International) Cisco spots attackers hijacking its networking gear by modifying firmware. Cisco reported that attackers have been conducting attacks in the wild in which they gain administrative or physical access to an IOS device before replacing the IOS ROMMON with a malicious ROMMON image in order to manipulate device behavior.

34. August 12, The Register – (International) CAUGHT: Lenovo crams unremovable crapware into Windows laptops – by hiding it in the BIOS. Security researchers reported that Lenovo bundled laptops with persistent firmware that installs the Lenovo Service Engine (LSE) software, which is vulnerable to a buffer-overflow flaw that could be exploited to gain administrator-level privileges. The LSE software is no longer included in new laptops. Source: http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"